MongoDB on a Linux server refers to running the MongoDB NoSQL database on distributions like Ubuntu, Debian, CentOS, RHEL, AlmaLinux, or Rocky Linux.
It involves installing the mongod service, configuring storage, security (auth, TLS, firewall), performance tuning (WiredTiger cache, THP), and managing backups, monitoring, and scaling through replica sets or sharding.
In this guide, you will understand MongoDB on Linux server from the ground up: what it is, how to install and secure it, production-ready configurations, performance tuning, backups, high availability, and practical troubleshooting.
Written for beginners and busy sysadmins, it follows modern best practices aligned with current MongoDB releases and popular Linux distributions.
What is MongoDB and Why Run it on Linux?
MongoDB is a document-oriented database that stores data as flexible JSON-like documents, making it ideal for rapidly evolving applications.
Linux is the most common production platform due to its stability, performance, automation capabilities, and first-class support from MongoDB’s official packages and tooling.
Document Model in a Nutshell
Instead of rows and columns, MongoDB uses collections and documents (BSON). Schemas are flexible, relationships can be embedded or referenced, and indexing is powerful. By default, MongoDB uses the WiredTiger storage engine for compression, concurrency control, and journaling.
When MongoDB Shines
Use MongoDB when you need rapid iteration, semi-structured data, variable schemas, or high write throughput. Common use cases: content management, product catalogs, event logging, IoT telemetry, user profiles, and real-time analytics.
System Requirements and Linux Considerations
Supported Linux Distributions
Official packages exist for Ubuntu LTS (e.g., 20.04, 22.04), Debian stable releases, and RHEL-compatible distros (RHEL, CentOS Stream, AlmaLinux, Rocky Linux). Always match MongoDB’s major version (e.g., 7.0) with a supported OS release.
Sizing, Storage, and Filesystems
Prioritize CPU, RAM, and storage IOPS. For production, choose SSD or NVMe. XFS is recommended for WiredTiger; ext4 is acceptable for tests. Place the data directory on dedicated volumes and separate logs if possible. Monitor disk latency (<5–10 ms ideal under load).
Kernel and OS Tuning
For consistent performance, apply these Linux tunings:
- Disable Transparent Huge Pages (THP)
- Review NUMA settings (prefer interleaving or single zone)
- Increase ulimits (open files, processes)
- Use an appropriate I/O scheduler (none for NVMe, mq-deadline for SSD/SATA)
# Disable THP (runtime)
echo never | sudo tee /sys/kernel/mm/transparent_hugepage/enabled
echo never | sudo tee /sys/kernel/mm/transparent_hugepage/defrag
# Make persistent via systemd drop-in
sudo tee /etc/systemd/system/disable-thp.service >/dev/null <<'EOF'
[Unit]
Description=Disable Transparent Huge Pages
After=network.target
[Service]
Type=oneshot
ExecStart=/bin/sh -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled'
ExecStart=/bin/sh -c 'echo never > /sys/kernel/mm/transparent_hugepage/defrag'
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
EOF
sudo systemctl daemon-reload
sudo systemctl enable --now disable-thp
# Raise ulimits
sudo tee /etc/security/limits.d/mongodb.conf >/dev/null <<'EOF'
mongod soft nofile 64000
mongod hard nofile 64000
mongod soft nproc 32000
mongod hard nproc 32000
EOFInstall MongoDB on Ubuntu/Debian (APT)
Below is a typical installation flow for Ubuntu 22.04/20.04 or Debian using the official MongoDB repository. Replace 7.0 with the stable major version you target.
# Import MongoDB public GPG key
curl -fsSL https://pgp.mongodb.com/server-7.0.asc | sudo gpg --dearmor -o /usr/share/keyrings/mongodb-server-7.0.gpg
# Add repository (Ubuntu example: jammy=22.04, focal=20.04)
echo "deb [ signed-by=/usr/share/keyrings/mongodb-server-7.0.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/7.0 multiverse" | \
sudo tee /etc/apt/sources.list.d/mongodb-org-7.0.list
# Or for Debian, replace 'ubuntu jammy' with your Debian codename and repo path.
sudo apt update
sudo apt install -y mongodb-org
# Enable and start
sudo systemctl enable --now mongod
# Verify
systemctl status mongod --no-pager
mongosh --eval "db.runCommand({ buildInfo: 1 })"Install MongoDB on RHEL/CentOS/AlmaLinux/Rocky (YUM/DNF)
On RHEL-family systems, use the official yum/dnf repo. Replace 7.0 with your target major version.
sudo tee /etc/yum.repos.d/mongodb-org-7.0.repo >/dev/null <<'EOF'
[mongodb-org-7.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/7.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://pgp.mongodb.com/server-7.0.asc
EOF
sudo dnf install -y mongodb-org
sudo systemctl enable --now mongod
# Verify
sudo systemctl status mongod --no-pager
mongosh --eval "db.adminCommand({ ping: 1 })"Secure MongoDB on a Linux Server
Bind Address and Firewall
By default, MongoDB binds to 127.0.0.1. If you need remote access, bind to a private interface and restrict with a firewall. Never expose port 27017 to the public internet without authentication and TLS.
# /etc/mongod.conf (snippet)
net:
port: 27017
bindIp: 127.0.0.1,10.0.0.10# Ubuntu/Debian (UFW)
sudo ufw allow from 10.0.0.0/24 to any port 27017 proto tcp
# RHEL-family (firewalld)
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.0.0/24" port protocol="tcp" port="27017" accept'
sudo firewall-cmd --reload
# SELinux (if changing port from 27017)
sudo semanage port -a -t mongod_port_t -p tcp 27018 || sudo semanage port -m -t mongod_port_t -p tcp 27018Enable Authentication and Create Admin
Enable SCRAM authentication, restart, then create an administrative user. Operate databases with least privilege.
# /etc/mongod.conf (snippet)
security:
authorization: enabled
sudo systemctl restart mongod
# Create admin user
mongosh --host localhost --eval '
use admin;
db.createUser({
user: "siteAdmin",
pwd: passwordPrompt(), // secure prompt
roles: [ { role: "userAdminAnyDatabase", db: "admin" }, { role: "readWriteAnyDatabase", db: "admin" } ]
});'
# Test login
mongosh -u siteAdmin -p --authenticationDatabase adminEnable TLS for Encryption in Transit
Use a server certificate signed by a trusted CA. Enable TLS and require it for all connections.
# /etc/mongod.conf (snippet)
net:
tls:
mode: requireTLS
certificateKeyFile: /etc/ssl/mongodb/server.pem
CAFile: /etc/ssl/mongodb/ca.pem
sudo systemctl restart mongodManage MongoDB with systemd
MongoDB installs the mongod systemd service. Use systemctl for lifecycle and journalctl for logs.
sudo systemctl status mongod
sudo systemctl stop mongod
sudo systemctl start mongod
sudo systemctl restart mongod
sudo journalctl -u mongod -f --no-pagerDefault data path is /var/lib/mongo and logs at /var/log/mongodb/mongod.log. If you move data, update storage.dbPath in mongod.conf and ensure permissions (user:group mongod).
Basic Administration with mongosh
# Connect as admin
mongosh -u siteAdmin -p --authenticationDatabase admin
# Create database user for an app
use myapp;
db.createUser({ user: "appUser", pwd: passwordPrompt(), roles: [ { role: "readWrite", db: "myapp" } ] });
# Create collection, insert, and index
db.orders.insertOne({ orderId: 1, total: 49.99, items: ["A1","B2"], createdAt: new Date() });
db.orders.createIndex({ orderId: 1 }, { unique: true });
# Check performance metrics
db.serverStatus().wiredTiger.cache
db.currentOp()Backup and Restore on Linux
Logical Backups: mongodump/mongorestore
Logical backups are portable and version-friendly. Use –oplog for consistency on running instances and replica sets.
# Full dump with oplog
mongodump --username siteAdmin --authenticationDatabase admin --out /backups/$(date +%F)-dump --oplog
# Restore full dump
mongorestore --drop /backups/2025-01-01-dumpFilesystem Snapshots (LVM/ZFS) with fsyncLock
For large datasets, block-level snapshots are fast. Quiesce writes, snapshot, then unlock.
mongosh -u siteAdmin -p --authenticationDatabase admin --eval 'db.fsyncLock()'
# Take LVM/ZFS snapshot here
mongosh -u siteAdmin -p --authenticationDatabase admin --eval 'db.fsyncUnlock()'Performance Tuning Essentials
WiredTiger Cache and Compression
By default, WiredTiger cache uses about 50% of RAM minus 1 GB. For special workloads, set a cap. Snappy compression balances space and speed; zstd can further compress at higher CPU cost.
# /etc/mongod.conf (snippet)
storage:
wiredTiger:
engineConfig:
cacheSizeGB: 8
collectionConfig:
blockCompressor: snappyIndexes and Query Patterns
Design indexes to match your most frequent query predicates and sort orders. Keep indexes selective, avoid unbounded $regex, and monitor with explain().
# Find slow queries and add indexes accordingly
db.orders.find({ customerId: 123 }).sort({ createdAt: -1 }).explain("executionStats")
db.orders.createIndex({ customerId: 1, createdAt: -1 })Monitoring Tools
Use native tools plus OS metrics:-
- mongostat and mongotop for quick health checks
- db.serverStatus(), serverStatus metrics exporters (Prometheus/Grafana)
- journalctl, vmstat, iostat, sar for system performance
mongostat --rowcount 10
mongotop --locks 5
vmstat 1
iostat -x 1High Availability and Scaling
Replica Sets
Replica sets provide redundancy and automatic failover. Deploy at least three nodes across distinct zones or availability domains. Applications should use drivers with retryable writes and read preferences.
# Initialize a replica set (run on primary)
rs.initiate({
_id: "rs0",
members: [
{ _id: 0, host: "db1:27017" },
{ _id: 1, host: "db2:27017" },
{ _id: 2, host: "db3:27017", arbiterOnly: false }
]
})Sharding
Sharding horizontally partitions data across shards. Choose a shard key with good cardinality and distribution to prevent hotspots. Use sharded clusters when your dataset or throughput outgrows a single replica set.
Common Troubleshooting on Linux
- Cannot connect remotely: verify net.bindIp, firewall rules, and that TLS/auth settings are correct.
- mongod won’t start: check journalctl -u mongod, file permissions on dbPath, disk space, and SELinux contexts.
- High CPU or memory: inspect slow queries via system.profile, validate indexes, and review WiredTiger cache size.
- Disk I/O saturation: confirm SSD/NVMe performance, change I/O scheduler, and analyze page faults and working set size.
FAQs – MongoDB on Linux Server
Is MongoDB good for a Linux VPS?
Yes. A Linux VPS with NVMe storage and sufficient RAM is a great environment for small to medium MongoDB workloads. For high availability, use a multi-node replica set across separate VPS instances or regions.
How do I install MongoDB on Ubuntu 22.04?
Add the official MongoDB APT repository, install mongodb-org, then enable and start mongod. See the commands above, replacing the repo line with the correct Ubuntu codename (jammy for 22.04).
How do I enable MongoDB authentication on Linux?
Set security.authorization: enabled in /etc/mongod.conf, restart mongod, and create an admin user in the admin database with appropriate roles. Always test logging in with mongosh using -u, -p, and –authenticationDatabase admin.
What are best practices to secure MongoDB on a Linux server?
Restrict bindIp, enforce firewall rules, enable authentication and TLS, keep OS and MongoDB updated, limit privileges, rotate credentials, and back up regularly. Monitor logs and metrics to detect anomalies early.
How do I back up and restore MongoDB on Linux?
Use mongodump/mongorestore for logical backups, optionally with –oplog for consistency. For large datasets, use LVM/ZFS snapshots with fsyncLock/fsyncUnlock. Validate backups and test restores periodically.
With these steps, you can confidently run, secure, and scale MongoDB on a Linux server. If you want a performance-tuned, production-ready stack without the learning curve, YouStable’s experts can help you deploy MongoDB the right way from day one.
